Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


   Security Update 2014-001 (Mountain Lion and Lion)

   Adam C. Engst

   As is common, along with OS X 10.9.2 (see '[1]10.9.2 Fixes Critical SSL
   Security Bug, Adds FaceTime Audio,' 25 February 2014), Apple has
   released Security Update 2014-001 with security fixes for those still
   using OS X 10.8 Mountain Lion, 10.7 Lion, and 10.7 Lion Server. Alas,
   it seems that people running 10.6 Snow Leopard are now out in the cold,
   since this is the first security update to drop Snow Leopard-specific
   fixes. Security Update 2014-001 doesn't need to address the recently
   discovered SSL/TLS security vulnerability (see '[2]Apple Updates iOS
   and Apple TV to Fix Critical SSL Security Bug,' 24 February 2014)
   because it doesn't affect versions of Mac OS X prior to 10.9. But
   [3]the fixes it provides are still significant, addressing
   vulnerabilities in app sandboxing, font handling, image display, Nvidia
   drivers, Quick Look, QuickTime, and the system clock, along with the
   Apache Web server and PHP scripting language. (All updates are free.
   [4]For 10.8 Mountain Lion, 115.8 MB; [5]for 10.7 Lion, 123.4 MB; [6]for
   10.7 Lion Server, 173.6 MB.)

References

   1. http://tidbits.com/article/14544
   2. http://tidbits.com/article/14537
   3. http://support.apple.com/kb/HT6150
   4. http://support.apple.com/kb/DL1729
   5. http://support.apple.com/kb/DL1727
   6. http://support.apple.com/kb/DL1728

.